SHA-1 Broken by Cryptographers from Sydney

Australian cryptographers have discovered new bugs and exploitable vulnerabilities in the widely popular SHA-1 digital signature algorithm that could create grave repercussions for SHA-1-based applications that validate websites, sign e-mail, and undertake numerous other online verification functions.

Secure hashing algorithms were specifically developed to reduce digital or text files to a distinctive series of numbers and letters that is often measured up to the document's signature. On that note, the Macquarie University researchers based in Sydney, Australia has recently found a viable means to compromise one such algorithm in considerably fewer attempts than normally needed.

Even though the hash function of the algorithm was alleged to endure and survive 263 breaching attempts, the cryptographers have managed to reduce that figure to a mere 252. To the non-tech-savvy layman, 11 less attempts may seem like a negligible difference, but to well-funded cyber criminals everywhere, that number puts practical hacker attacks within the realm of possibility.

The cryptologists' findings, which were published yesterday

Shows that it's now easier to develop what the researchers call as collisions in SHA-1, in which a pair of divergent sources share the same output.

Paul Kocher, the chief scientist and president of the San-Francisco-based Cryptography Research consultancy, says that he's expecting SHA-1 collisions to become a lot more commonplace by the end of 2009, if not sooner. He adds that many people are particularly worried about applications that are most likely to be compromised by these collisions.

Just last year, the MD5 algorithm was exposed as faulty by a couple of independent Internet security researchers. Using the computing power of more than 200 PlayStation 3 consoles, they created rogue certifications and credentials needed by botnets to masquerade as reputable websites dependent on that security measure. The vulnerability led to certificate authorities like VeriSign's RapidSSL to alter the way they produce SSL (Secure Sockets Layer) certificates for websites.

The new, Aussie-discovered hacking method merges a boomerang attack with what's identified as a nonlinear differential path. This technique dramatically decreases the expenses needed to launch a feasible collision attack by a factor of more than 2,000 compared to earlier methods. As of this writing, the research paper has not yet been peer reviewed.

Previous hashes like MD4 and SHA-0 have also shown a weakness against collisions generated by reasonably affordable ways. With these latest findings in algorithm limits, it looks like developers need to develop an MD500 or SHA-9999 algorithm in the near future, if they haven't already.